From fd101a88f8490e313b633baf17b02864776898fc Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 27 May 2026 09:42:02 +0000
Subject: [PATCH] fix: enable elasticsearch security to require authentication for all API access

- Enable xpack.security in Elasticsearch (was explicitly disabled)
- Add ELASTIC_PASSWORD env var so the built-in elastic user gets the password
- Disable HTTP SSL to keep plain HTTP while still enforcing basic auth
- Disable transport SSL (single-node setup)
- Update healthcheck to authenticate with elastic credentials
---
 Containers/fulltextsearch/healthcheck.sh | 2 +-
 manual-install/latest.yml | 5 ++++-
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml | 6 ++++++
 php/containers.json | 5 ++++-
 4 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/Containers/fulltextsearch/healthcheck.sh b/Containers/fulltextsearch/healthcheck.sh
index ba29f151..8b4f135d 100644
--- a/Containers/fulltextsearch/healthcheck.sh
+++ b/Containers/fulltextsearch/healthcheck.sh
@@ -4,4 +4,4 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then set -x fi
-curl -fs "http://127.0.0.1:9200/_cluster/health?filter_path=status" | grep -qE '"status":"(green|yellow)"' || exit 1
+curl -fs -u "elastic:$FULLTEXTSEARCH_PASSWORD" "http://127.0.0.1:9200/_cluster/health?filter_path=status" | grep -qE '"status":"(green|yellow)"' || exit 1
diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index b259d708..38931483 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -455,7 +455,10 @@ services:
 - discovery.type=single-node
 - http.port=9200
 - xpack.license.self_generated.type=basic
- - xpack.security.enabled=false
+ - xpack.security.enabled=true
+ - xpack.security.http.ssl.enabled=false
+ - xpack.security.transport.ssl.enabled=false
+ - ELASTIC_PASSWORD=${FULLTEXTSEARCH_PASSWORD}
 - indices.fielddata.cache.size=20%
 - indices.memory.index_buffer_size=20%
 - thread_pool.write.queue_size=1000
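Review bot: The password is now part of curl's argument list in healthcheck.sh, and the `set -x` branch visible in the same hunk means that with `AIO_LOG_LEVEL=debug` the expanded command, password included, is traced to the script's stderr, which container runtimes commonly keep with the health-check result. Switching tracing off for that one call, `{ set +x; } 2>/dev/null` on the line before `curl`, closes the log leak; the argument is still visible in the process list while curl runs. The script reads `$FULLTEXTSEARCH_PASSWORD`, whereas the other hunks of this patch add only `ELASTIC_PASSWORD` to the container environment, so unless `FULLTEXTSEARCH_PASSWORD` is already set there (not visible here) the check would fail with an authentication error; `-u "elastic:$ELASTIC_PASSWORD"` refers to the variable this patch is known to set.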
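Review bot: With `xpack.security.http.ssl.enabled=false` the `elastic` password is sent as a Basic auth header in clear text on every request to port 9200, so the new authentication protects only as far as the container network itself is trusted; the same settings are added in the helm template hunk and the php/containers.json hunk. That assumption deserves a comment next to the setting, for example `# HTTP stays plain: 9200 must only be reachable on the internal container network`, and a check that no `ports:` mapping publishes 9200 (the rest of the service definition is outside this hunk). In this compose file `${FULLTEXTSEARCH_PASSWORD}` is substituted with an empty string when the variable is unset, so `- ELASTIC_PASSWORD=${FULLTEXTSEARCH_PASSWORD:?FULLTEXTSEARCH_PASSWORD must be set}` would stop the deployment early instead of starting the node with an empty bootstrap password. If the application also connects as `elastic`, a dedicated user with a role limited to its own index would be a better fit than the built-in superuser.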
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index a0b40eb8..a3a9c99b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -59,7 +59,13 @@ spec:
 - name: xpack.license.self_generated.type
 value: basic
 - name: xpack.security.enabled
+ value: "true"
+ - name: xpack.security.http.ssl.enabled
 value: "false"
+ - name: xpack.security.transport.ssl.enabled
+ value: "false"
+ - name: ELASTIC_PASSWORD
+ value: "{{ .Values.FULLTEXTSEARCH_PASSWORD }}"
 image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260515_145717
 readinessProbe:
 exec:
diff --git a/php/containers.json b/php/containers.json
index df841f44..24b91b18 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -828,7 +828,10 @@
 "discovery.type=single-node",
 "http.port=9200",
 "xpack.license.self_generated.type=basic",
- "xpack.security.enabled=false",
+ "xpack.security.enabled=true",
+ "xpack.security.http.ssl.enabled=false",
+ "xpack.security.transport.ssl.enabled=false",
+ "ELASTIC_PASSWORD=%FULLTEXTSEARCH_PASSWORD%",
 "indices.fielddata.cache.size=20%",
 "indices.memory.index_buffer_size=20%",
 "thread_pool.write.queue_size=1000",
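Review bot: `ELASTIC_PASSWORD` is rendered into the Deployment as a literal `value:`, so the password can be read by anyone who may read Deployment objects or the rendered manifest, not only by those allowed to read Secrets. Sourcing the variable through `valueFrom.secretKeyRef` keeps it out of the pod spec. The Secret name and key in the sketch below are placeholders, because no Secret template is visible in this hunk and the chart would have to provide one. The `readinessProbe` block that follows the env list continues outside the hunk.

```yaml
# … unchanged: xpack.* env entries …
- name: ELASTIC_PASSWORD
  valueFrom:
    secretKeyRef:
      name: PLACEHOLDER_SECRET_NAME   # placeholder: Secret defined by the chart
      key: PLACEHOLDER_PASSWORD_KEY   # placeholder: key holding the password
```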